At this year’s DefCon, a security problem inherent to the default settings in GMail was unveiled. The problem is that, by default, GMail does not use encrypted sessions.
This can be a problem if you use public computers, because the session key might be retrievable. With the session key in hand, access is apparently simple enough to gain.
Luckily, this is simply corrected. Here’s how:
- Log in to GMail
- Go to “settings”
- In the General tab, find the “Browser connection” setting
- Set it like so: